SetFileSecurity设置文件目录安全属性(NTFS下)的问题.
whn 2004-03-19 04:35:07 我用SetFileSecurity设置一个文件的访问属性都没有问题
但用同样的代码对目录设置时,就有问题,
比如我对一个目录设置为everyone的GENERIC_ALL访问属性
everyone到时加到文件夹的安全名字列表中去了
但那些权限(GENERIC_ALL)一个都没有被设置.怎么回事啊
对文件没有问题的啊.
我的代码:
#define WORLD_ACCESS GENERIC_ALL//GENERIC_READ|GENERIC_WRITE
PSID CreateWorldSid()
{
SID_IDENTIFIER_AUTHORITY authWorld = SECURITY_WORLD_SID_AUTHORITY;
PSID pSid, psidWorld;
BOOL bRes;
DWORD cbSid;
bRes = AllocateAndInitializeSid(&authWorld,
1,
SECURITY_WORLD_RID,
0,
0,
0,
0,
0,
0,
0,
&psidWorld);
if (FALSE == bRes) {
return NULL;
}
// Make a copy of the SID using a HeapAlloc'd block for return
//
cbSid = GetLengthSid(psidWorld);
pSid = (PSID) HeapAlloc(GetProcessHeap(), 0, cbSid);
if (NULL == pSid) {
return NULL;
}
bRes = CopySid(cbSid, pSid, psidWorld);
if (FALSE == bRes) {
return NULL;
}
FreeSid(psidWorld);
return pSid;
}
HRESULT SetFileRight(char* pFileObject)
{
HRESULT hr=S_OK;
PSID psidEveryone;
PACL pAcl;
SECURITY_DESCRIPTOR sd;
BOOL bRes;
DWORD cbAcl;
psidEveryone = CreateWorldSid();
cbAcl = GetLengthSid (psidEveryone) +
sizeof(ACL) + ((sizeof(ACCESS_ALLOWED_ACE) - sizeof(DWORD)));
pAcl = (PACL) HeapAlloc(GetProcessHeap(), 0, cbAcl);
if (NULL == pAcl) {
HeapFree(GetProcessHeap(), 0, psidEveryone);
return S_FALSE;
}
bRes = InitializeAcl(pAcl,
cbAcl,
ACL_REVISION);
if (FALSE == bRes) {
hr=S_FALSE;
goto CleanUp;
}
bRes = AddAccessAllowedAce(pAcl,
ACL_REVISION,
WORLD_ACCESS,
psidEveryone);
if (FALSE == bRes) {
hr=S_FALSE;
goto CleanUp;
}
// Put together the security descriptor
//
bRes = InitializeSecurityDescriptor(&sd,
SECURITY_DESCRIPTOR_REVISION);
if (FALSE == bRes) {
hr=S_FALSE;
goto CleanUp;
}
bRes = SetSecurityDescriptorDacl(&sd,
TRUE,
pAcl,
FALSE);
if (FALSE == bRes) {
hr=S_FALSE;
goto CleanUp;
}
if (!SetFileSecurity(pFileObject,
DACL_SECURITY_INFORMATION,
&sd))
{
hr=S_FALSE;
}
else
hr=S_OK;
CleanUp:
HeapFree(GetProcessHeap(), 0, pAcl);
HeapFree(GetProcessHeap(), 0, psidEveryone);
return hr;
}